Internet Engineering Task Force (IETF)                        V. Cakulev
Request for Comments: 6738                                Alcatel Lucent
Category: Standards Track                                        A. Lior
ISSN: 2070-1721                                      Bridgewater Systems
                                                           S. Mizikovsky
                                                          Alcatel Lucent
                                                            October 2012
Diameter IKEv2 SK: Using Shared Keys to Support Interaction between
IKEv2 Servers and Diameter Servers
Abstract
The Internet Key Exchange Protocol version 2 (IKEv2) is a component
of the IPsec architecture and is used to perform mutual
authentication as well as to establish and to maintain IPsec Security
Associations (SAs) between the respective parties. IKEv2 supports
several different authentication mechanisms, such as the Extensible
Authentication Protocol (EAP), certificates, and Shared Key (SK).
Diameter interworking for Mobile IPv6 between the Home Agent (HA), as
a Diameter client, and the Diameter server has been specified.
However, that specification focused on the usage of EAP and did not
include support for SK-based authentication available with IKEv2.
This document specifies the IKEv2-server-to-Diameter-server
communication when the IKEv2 peer authenticates using IKEv2 with SK.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6738.
Cakulev, et al.              Standards Track                    [Page 1]
RFC 6738                    Diameter IKEv2 SK               October 2012
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Requirements Notation
   2.1. Abbreviations
3. Application Identifier
4. Protocol Description
   4.1. Support for IKEv2 and Shared Keys
   4.2. Session Management
      4.2.1. Session-Termination-Request/Answer
      4.2.2. Abort-Session-Request/Answer
5. Command Codes for Diameter IKEv2 with SK
   5.1. IKEv2-SK-Request (IKESKR) Command
   5.2. IKEv2-SK-Answer (IKESKA) Command
6. Attribute-Value Pair Definitions
   6.1. IKEv2-Nonces
      6.1.1. Ni
      6.1.2. Nr
   6.2. IKEv2-Identity
      6.2.1. Initiator-Identity
      6.2.2. Responder-Identity
7. AVP Occurrence Tables
8. AVP Flag Rules
9. IANA Considerations
   9.1. Command Codes
   9.2. AVP Codes
   9.3. AVP Values
   9.4. Application Identifier
10. Security Considerations